Privacy notice
How we collect, store, use and protect personal information.
How we collect, store, use and protect personal information.
* Updated 5 November 2024
This privacy notice is about how Capitec Bank Holdings (“Capitec Group”), as a responsible party, handles your personal information. It covers the Capitec Group, its employees, contractors or authorised agents acting on the behalf of Capitec, its subsidiaries, or any third party and partners with whom we have contracted. It explains: what type of information we collect about you, how we use that information, who we may share it with, the circumstances under which we may share it, and how we will keep your personal information private and secure.
This privacy notice applies to you if you are:
Personal information means information, in any format, that can identify a living natural person or, where applicable, an existing juristic person.
Personal information excludes:
We will collect your personal information under these circumstances or conditions:
Each Capitec entity may also collect your personal information from other entities within the Capitec Group or from partners or affiliates of Capitec with whom the Capitec Group conducts business.
When you provide us with the personal information of other people (like dependents, beneficiaries, or lives assured), you confirm that you have their permission, where applicable, to share this information with us for the purposes outlined in this privacy notice. You also agree to indemnify us from any loss or damage that might occur if you share a third party’s information without the necessary consent or proper authorisation.
If you have an employment application, we may gather additional information about you from various sources. This could include public records, career platforms, social media, and other third parties. For instance, we might obtain insights from your professional or academic references, such as previous employers or educational institutions, as well as through third-party pre-employment background checks.
We will only collect your information in line with relevant regulations and laws. The information we collect, and process could include:
Depending on the products and services that you require, we may also collect special personal information about you, for example:
Depending on the products and services that you use, we may also collect or generate the following information about you:
Our personal information core processing principles are more fully described here
If we are unable to collect your personal information, or if you request that we restrict the processing of your personal information necessary to provide the products and services you have requested, we regret that we will not be able to continue offering you our products and services.
We will only process your personal information where we have a lawful reason for doing so and on a justifiable ground. For example, where you have consented to the processing, where it’s necessary for us to comply with obligations imposed by law, where it is necessary to perform a contract with you, or where it is necessary to pursue our legitimate interests or that of a third party (as further detailed below). You can exercise your POPIA rights related to this processing at any time here.
The personal information we collect may be processed through centralised functions and systems across entities (including joint ventures and companies) in the Capitec Group. It may be used for the purposes of fraud, risk monitoring and analysis, statistical analysis and to improve, develop, price and market products or services. This will be done with the appropriate controls as set out below.
Clients
We need to process your personal information to carry out the obligations of our agreement with you. This includes all the processing and pre-assessment activities that are required to enable us to sign you up for one or more of our Capitec Group products or services (for example, verifying your identity, pricing all contracts, assessing and verifying claims, assessing whether you qualify for a product or service, enrolling you for electronic signatures, obtaining your credit bureau information etc.), and managing the client relationship for the duration of the agreement and as required after termination of the client relationship.
To use some of our services, we need to confirm you are in South Africa. This is due to legal and Appstore requirements. For example, we need your location to let you play Lotto on our Capitec App and to accept payments with our Merchant Device. We also use location services to monitor for fraud and risk. You might need to allow the Capitec App to access your location while using it. We will never monitor or track your location other than during your use of the Capitec App.
Employees
We need to process your personal information to carry out the obligations of our agreement with you as a potential or permanent Capitec Employee. We will use the personal information collected for recruitment purposes and for purposes connected with your employment. We may seek more information about you from other sources, including from public domains, career platforms, social media and/or third parties.
We may need to process your personal information to comply with specific legal obligations. We operate in a highly regulated environment of banking, insurance, financial services, credit and other goods and services, which means that there are several laws, regulations and directives that require us to perform certain processing activities (such as FICA, the Income Tax Act, the VAT Act).
This may include using your personal information to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We will only do this on the basis that it’s needed to comply with a legal obligation or it’s in our legitimate interests and/or that of others.
We will mostly collect information directly from you but there may be instances where we may need to obtain your information from the Department of Home Affairs, the Credit Bureaus and other public sources, to:
We will use the most reliable source of information to update your personal information where required.
We process your personal information to protect your legitimate interests or when necessary to pursue our own or a third party’s legitimate interest. We have processes in place to ensure that your personal information and right to privacy remain protected at all times.
We may record your interactions with us, such as emails, phone calls, live chats, and other communications. These recordings help us to verify your instructions, improve our service, train our staff, manage risks, and prevent fraud and other crimes. We may also collect information about the devices or software you use during these interactions.
We may use your personal information as a banking and insurance client to personalise existing and new products and services to benefit you. Our analysis includes data analytics, statistical or other analysis and profiling to better understand how you use our services, and to respond to any service issues you may have. You can opt out of this personal information usage at any time for direct marketing and personalised offers by changing the consent settings and communication preferences on your app or through the client care centre. Alternatively, send us a request on Processing Restriction Request | Privacy Centre | Capitec.
Opting out of direct marketing or personalised offers will only opt you out of product offer communications based on consent and not where the processing of your personal information is necessary when required by law or when required to carry out the obligations of an agreement we have with you. Where the processing of your personal information is required by law or when carrying out the obligations of an agreement, you cannot opt out of this communication.
Where you have consented to us doing so:
These services aim to keep you informed about and offer you new products, services and benefits that help you to live better, but also to educate you about good financial behaviours based on your previous actions or needs.
You can exercise your POPIA rights related to the retention of your personal information at any time here, but we may have to keep your personal information even if we no longer have a relationship with you to meet our legal requirements and for our legitimate business purposes, as set out in our information retention policy. Any retained information will be kept secure in line with our security policies. If we don’t need the information anymore, we may delete it or de-identify it.
We will take the appropriate, reasonable, technical and organisational steps to protect your personal information in line with industry best practices. This includes, for example:
Your information may be transferred to and stored in locations outside of South Africa. When we do this, we will ensure that the third party recipient of the information is subject to adequate data protection laws to ensure that your personal information is protected at the level of protection as required in terms of South African data protection laws and that the transfer is lawful.
We will not sell your personal information. No personal information will be disclosed to anyone except as provided in this privacy notice.
You have several rights in relation to the personal information that we hold about you. These rights include:
You may submit a grievance about the processing of your personal information in relation to this privacy notice through our Privacy Centre POPIA / Other Complaint | Privacy Centre | Capitec
You also have the right to file a complaint with the Information Regulator about an alleged contravention of the protection of your personal information. The contact details of the Information Regulator are as follows:
Visit their website | |
Postal address | P.O Box 31533, Braamfontein, Johannesburg, 2017 |
Physical address |
The Information Regulator (South Africa)
|
Phone number | 010 023 5200 |
PAIAComplaints@inforegulator.org.za – should your PAIA request be denied or there is no response from public or private bodies for access to records you may use this email address to complain. POPIAComplaints@inforegulator.org.za – should you feel that your personal information has been violated, you may use this e-mail address to lodge a complaint. |
If we change ownership, merge with, acquire or are acquired by, or sell assets to another entity, we may assign our rights to the personal information we process to a successor, purchaser, or separate entity. We will disclose the transfer on our website. If you are concerned about your personal information being transferred to a new owner, you may exercise your rights in our Privacy Centre by clicking on the following link: Exercise Your POPIA Rights | Privacy Centre (capitecbank.co.za)
We regularly review our practices to make sure your personal information is safe and used responsibly. Sometimes, we may need to update our data privacy policies. This may affect clauses in our contracts or terms and condition. If we do, we’ll let you know by posting a notice on our website or the Capitec App, or through another communication method. These notices will show what changes we made and when they start.
Please note that Capitec may not be able to continue a banking or insurance relationship with a client or provide clients with certain products or services if they object to or do not agree with the changes.
The latest version of this privacy notice is dated and made available on Capitec’s website. It applies to all data subject interactions with Capitec and will be accessible on Privacy Notice | Privacy Centre | Capitec.